SAML authentication can be used to establish a secure single sign-on (SSO) connection between Buzz and Microsoft Entra ID (formerly Azure AD).
Note: Azure AD is in the process of changing to Entra ID. This article uses screenshots from the still-in-use Azure, so it refers to it as such. We will update the article once Microsoft's transition is complete.
This article covers how to configure your Buzz/Entra SAML SSO:
- In Azure: Add Buzz to Azure Active Directory
- In Azure: Acquire metadata to provide in Buzz
- In Buzz: Provide Entra metadata and copy Buzz metadata
This process requires gathering and providing information from and to both systems, so it's easiest to do with each system open.
Refer to this Azure/Entra article for additional help: Enable single sign-on for an enterprise application
1. In Azure: Add Buzz to Azure Active Directory
First, you need to add Buzz as an approved app in your Azure Active Directory:
- From the Azure portal side menu, select Azure Active Directory.
- Open Enterprise applications.
- Select + New application.
- Click + Create your own application in the top menu to add Buzz.
- Enter Agilix Buzz as the app name.
- Select the Integrate any other applications you don't find in the gallery (Non-gallery) option.
- Click Create.
2. In Azure: Set up Azure and acquire metadata for Buzz
Once you've added Agilix Buzz to your approved Azure apps, you are returned to the Enterprise applications > All applications screen you navigated to in the first two steps of the last section.
From this screen:
- Search for Agilix Buzz.
- Select Agilix Buzz from the list.
- Azure recommends adding Users and groups that you want added to the Buzz app at this point. Follow their directions: Assign users and groups to an application.
- Select Single sign-on from the left menu (or click Get started on the Single sign-on card).
- Select SAML.
- On the Basic SAML configuration card, click Edit and provide:
  - Identifier (Entity ID): For this, add your Buzz userspace in the appropriate place in this URL:
    https://api.agilixbuzz.com/SAML/[INSERT USERSPACE]
  - Reply URL (Assertion Consumer Service URL): For this, add your Buzz userspace in the appropriate place in this URL:
    https://api.agilixbuzz.com/SAML/[INSERT USERSPACE]/Consumer
  - Sign on URL (Optional): If you want to, you can add your Buzz userspace in the appropriate place in this URL:
    https://[INSERT USERSPACE].AgilixBuzz.com/home
- From the SAML Certificates card, download the Federation Metadata XML.
3. In Buzz: Provide Azure metadata and copy Buzz metadata
- On the Authentication card, select SAML as your authentication Type. Do not choose the "old version" of SAML.
- Click Add identity provider (IdP).
- Provide the Login prompt. This is what appears on the login button. If you have only one IdP, this defaults to Login; if you have more, you can label them appropriately.
- Upload the Federation Metadata XML file that you acquired from Azure.
- The Metadata resource path and Provider ID are automatically populated.
- Click Done.
- Provide a Logout redirect URL if you want users to be taken to somewhere other than the Buzz login screen when they sign out.
- Indicate if you want to Prevent users from using Buzz credentials.
- If you don't select this, you have the option to Allow users to create their own accounts rather than requiring that accounts be created for them. You will also be able to set up your password policy.